Sfcyazilim Sonlogger vulnerabilities
2 known vulnerabilities affecting sfcyazilim/sonlogger.
Total CVEs: 2
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2021-27964 [CRITICAL] CVSS 9.8, CWE-434, P1, Exploited, PoC, fixed in 6.4.1, 2021-03-05
SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file.
nvd
CVE-2021-27963 [HIGH] CVSS 8.2, CWE-306, P3, fixed in 6.4.1, 2021-03-05
SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). An anonymous user can send a POST request to /User/saveUser without any authentication or session header.
nvd